Biometric Equities for Identity & Privilege Management Working Group (IPvMWG) Roadmap


•  BBFF 

•  IPMSCG  Overview 

•  IPvMWG  Overview 

•  IPvM  CONOPS  Development 

•  Biometric  Equities 


www.biometrics.dod.mil 

Biometrics-enabled Business Function Framework (BBFF)


•  The  Biometrics-Enabled  Business  Functions  Framework  (BBFF)  is 
intended  to  facilitate  evaluation  and  integration  of  biometrics 
technologies  into  DoD  business  processes  to  increase 
effectiveness,  efficiencies  and  accuracy  while  complying  with  DoD 
privacy,  security,  and  information  exchange  policies/requirements. 

•  The  BBFF  has  three  critical  perspectives: 

-  Strategic  -  Authorities  (Identity,  Access  Control  &  S&T) 

-  Operational  -  Policy  &  Acquisition  (implementing  solutions) 

-  Technical  -  biometrics  technologies  &  biometrics  solutions  / 
systems 

•  The  Friendly  Biometrics  BCF2011  Track  has  a  focus  on  collecting 
community  feedback  to  enable  the  development  of  the  BBFF. 
Identity Protection & Management Senior Coordinating Group (IPMSCG) Overview


•  05 Oct 99, Public Law 106-65 - Congress directed a Senior Coordinating Group for Smart Card Technology w/ DoD CIO oversight

•  0 Nov 99, Deputy Secretary of Defense Memo, Smart Card Adoption & Implementation - established the Smart Card Senior Steering Group and defined the Smart Card Senior Coordinating Group (SCSCG) and the Smart Card Configuration Management Control Board (SCCMCB)

•  31 Aug 02, DoDD 8190.03, Smart Card Technology - unified the role of the SCCMCB with the SCSCG

•  12 Jan 04, DoD CIO Memo established the Identity Management Senior Coordinating Group (IMSCG) in place of the SCSCG and outlined the Biometric Management Office to provide executive secretariat support along w/ CAC and PKI offices.

•  19 Jul 04, Certified Current 23 Apr 07, DoDD 1000.25 Personnel Identity Protection (PIP) Program - renamed IMSCG as the Identity Protection Management Senior Coordinating Group (IPMSCG) and established joint oversight between USD (P&R) and DoD CIO.

•  IPMSCG is the nexus for friendly forces Identity Protection & Management (IPM)

•  Biometrics is a recognized critical enabler for friendly forces IPM challenges
DoD Identity Management (IdM) Implementation Guidance


IPvMWG  Responsibilities 


Lead  the  implementation  of  the  DoD  Identity  Management 
Strategic  Plan  and  DoD  Privilege  Management  Roadmap 

Develop  IPvM  Roadmap  &  Milestones 

Transition  IPMSCG  approved  Identity  and  Privilege 
Management  (IPvM)  recommendations  into  implementable 
activities 

Synchronize  and  coordinate  IPvM  efforts  across  the  DoD  and 
with  federal  partners 

Participants: 

DoD  Components 
Military  services 
DoD  Agencies 
IPvMWG Progress Update


[Figure: IPvM strategy management cycle, drawn as numbered stages. Recoverable panel text follows.]

DoD IdM Strategic Plan - signed by DoD CIO, USD (P&R), USD (I), USD (AT&L), USD (P), Apr 2009

DoD PvM Roadmap - signed by Dep CIO, Jan 2010

Develop the Strategy

•  Identity Management Strategic Plan (2009)

•  Privilege Management Roadmap (2010)

Test and Adapt the Strategy

•  Conduct profitability analysis

•  Conduct strategy validation and testing (data from strategy map and BSC)

•  Examine emerging strategies

Strategic Plan

•  Objective alignment with Challenges

Translate the Strategy

•  Enterprise-wide Identity and Privilege Management (IPvM) Recommendations (2010)

DoD Enterprise-wide IPvM Recommendations - approved by IPMSCG chair, September 2010

FICAM Roadmap & Implementation Guide (draft), November, 2009

Monitor and Learn

•  Hold strategy reviews

•  Hold operational reviews

Implementation Activities

•  Enterprise-wide IPvM Roadmap & Milestones (2011)

Execute Implementation Guidance

•  Community wide implementation

DoD IPvM Roadmap (draft)

DoD IT Consolidation Roadmap (draft)
IPvM Strategic Plan Goals


•  Goal 1: Unity of Purpose for Effective Governance and Employment of IPvM

•  Goal  2:  Institutionalize  the  DoD  IPvM  capability  and  culture  across 
the  Department 

•  Goal  3:  Build,  deploy,  operate  and  maintain  a  reliable,  interoperable 
and  secure  IPvM  capability 
Identity & Privilege Management (IPvM) in the Business Enterprise Architecture (BEA)

Ensure the right capabilities, resources and materiel are rapidly delivered to our warfighters: what, where, when they need it.

[Figure: layered architecture diagram. Recoverable labels follow.]

•  Top level activities within the Business Mission Area

•  IPM Capabilities Framework

•  Reference and Solution Architectures

•  Manage Personnel Identity Protection: Manage Identity; Manage Credentials; Manage Authentication; Manage Privilege; Manage IPM Federation

•  Biometrics; Governance; Token Issuance

•  Manage Personnel Security

•  IPM Capabilities

•  Mandatory Core & Shared Enterprise Services (ES)

•  Computing & Communications Infrastructure
IPvM “Cornerstone” Recommendations


1.  Execute  IPvM  performance  management 


Develop  an  IPvM  Roadmap  &  Plan  of  Action  &  Milestones  (POA&M)  and  measure  progress  of  the 
integration  of  interoperable  IPvM  capabilities  across  DoD  Mission  Areas 


Utilize  existing  governance  structures  (IPMSCG,  DAWG,  etc.) 


2.  IPvM  Outreach  to  Functionals  across  DoD  and  beyond: 

-  Work  with  functional  area  architectures  advocating  priorities  important  to  IPvM  to  institutionalize 
integrated  &  interoperable  IPvM  IT  Investment  Review  Board  decision-making  across  the  DoD 
Business  Enterprise 

-  Promote  the  interdependencies  between  mission  areas  regarding  IPvM  capabilities 

-  Coordinate  and  synchronize  activities  with  ICAMSC  and  AASC 

-  Enhance  cyber  security  through  DoD  Enterprise-wide  Identity  &  Privilege  Management 


3.  Organize,  update,  amplify  existing  architectures  and  embrace  federated 
architectures 


-  Integrate  IPvM  capabilities  into  DoD  Mission  Areas  (BMA,WMA,IMA) 

-  Force  IPvM  compliance  through  funding  constraints 

•  Insert  IPvM  criteria  into  the  USD  P&R  Human  Resources  Management  (HRM)  Enterprise 
Architecture  (EA)  and  ultimately  into  the  Business  Enterprise  Architecture  (BEA) 


Authority:  IPMSCG  Chair  approved  the  cornerstone  recommendations  and  assigned  the 
IPvMWG  to  execute  the  development  of  the  Roadmap  &  Milestones 
Tentative IPvM Roadmap Timeline

[Figure: timeline covering IPvM CONOPs, IPvM Activities & Milestones, and IPvM Roadmap]
Stages of IPvM CONOPS Development


Current State - IPvM is not a recognized, managed attribute across the DoD Enterprise


IPvM Scenarios

•  help define scope of IPvM activities

•  help define what we consider IdM

•  help define what we consider PvM

IPvM Scenario Development will help define scope of DoD Enterprise IPvM Road Map impacts and what are existing attributes of Identity Management (IdM) & Privilege Management (PvM).


IPvM CONOPS

•  defines scope of IPvM activities

•  defines IdM at a high-level

•  defines PvM at a high-level

•  defines IdM to PvM Transition

•  defines IPvM key terminology

IPvM CONOPS clearly defines the agreed upon and desired end-state of the IPvM Roadmap & Milestones to focus sub-working group activities.

UNCLASSIFIED


Steps  towards  IPvM  CONOPS 


Submit  Stakeholder  Scenarios 

Validate  Identities  of  Interest 

Develop  Conceptual  Model  /  Cartoon 

Identify  potential  IPvM  Use  Cases 

Identify  notional  integration  of  IPvM  Management  & 
Technical  Frameworks 

Identify  IPvM  National  Security  /  Joint  War  fighting 
Capability  Objectives 

Distinguish  between  Enterprise  and  Local  IPvM  Services 




IPvM  Identities  of  Interest 


DoD  IdM  Strategic  Plan  identities: 

•  Individuals  and  Non-Person  Entities  (NPEs) 

•  Blue  /  Friendly  Forces  -  e.g.,  DoD  Civilian,  Military, 
Contractors,  Dependents,  Vendors,  Federal,  State,  Local, 
Tribal 


•  Red  /  Adversary  -  e.g.,  Nation  State,  Asymmetric 

•  Gray  /  Neutral  -  e.g.,  US  Citizen,  Coalition,  Not-Adversary 
but  Foreign,  Industry,  NGOs 


These  are  the  IPvM  identities  of  interest  to  be  covered  in  the  Roadmap. 
Draft IPvM Scenario Themes

Hiring 

Physical  Access 
Logical  Access 
Retirement 


Financial  Transactions 


Forensics  (red) 

Raid  (capture/kill) 

Media  Exploitation 
Boarding  at  Sea 

Humanitarian  Assistance/Disaster  Relief  (HADR) 
Draft IPvM Conceptual “Cartoon”
DoD Military and Civilian

[Figure: identity life-cycle diagram with a DoD Enterprise level and a “Local” level. Recoverable labels follow.]

DoD Enterprise

•  Unknown

•  Establish Suitability & Trustworthiness

•  Establish DoD Identity

•  Identity Life-Cycle: Manage DoD Career Development; Manage DoD Benefits/Compensation; Manage DoD Manpower and Health Services

•  Manage Trustworthiness via Periodic Reviews

•  Retire DoD Identity

•  Transition to VA (Military)

“Local” (Component, Agency, Installation & Facility)

•  Establish Local Physical Access

•  Establish Local Logical Access

Terminology purposely abstracted up to very generic language & Concepts

IPvMWG will mature this “Cartoon” to a Model

Legend: Local commander/resource owner; Veterans Affairs (VA)


Human Resource Management (HRM) High-Level Operational Concept Graphic (OV-1)


IPvM operational concepts are primarily within the HR Information Security Line of Business (LoB)

Identity and Privilege information will flow in/out of other LoBs (e.g., Retirement, Assignment)

[Figure labels: Position Management; Military Health Services Management; Quality of Life/MWR Management; Interagency Support; Retirement/Separation; Benefits Management; Ensuring readiness; Structure; Changing the way HR serves you]
Friendly / Blue: Draft DoD ICAM Framework

[Figure: service framework diagram. Recoverable service areas and labels follow.]

DIGITAL IDENTITY

•  Vetting

•  Identity Proofing

•  Identity Lifecycle Management

•  Linking & Association

•  Authoritative Attribute Exchange

•  Adjudication

CREDENTIALING

•  Issuance

•  Credential Lifecycle Management

•  Enrollment & Registration

•  Sponsorship

•  Self-Service

PERSON & NON-PERSON ENTITIES

AUTHENTICATION

•  Credential Validation

•  Session Management

•  Biometric Validation

IPM FEDERATION

•  Federated Credentials

•  Federated Authentication

•  Federation Policy

POLICY & PRIVILEGE MANAGEMENT

•  Policy Administration

•  Privilege Administration

•  Resource Attribute (Metadata)

•  Account Management

•  Provisioning

•  Bind/Unbind

•  Backend Attribute Retrieval

•  Policy Decision Point (PDP)

•  Policy Enforcement Point (PEP)

CRYPTOGRAPHY

•  Key Management

•  Encryption & Decryption

•  Digital Signature

Other labels: EANCS; Compliance standards and procedures

Legend: FICAM Service Area
Notional Integrated IPvM Operational Capabilities

[Figure labels: Identity Life-Cycle; Establish DoD Identity; Manage DoD Career Development; Manage DoD Benefits/Compensation; Manage DoD ????; Establish Suitability & Trustworthiness; Manage Trustworthiness via Periodic Reviews; Neutral (Gray)]

Each major Identity Population has a distinct Management & Technical Services Framework


•  Friendly Goals - enabled trusted hiring, identity proofing & vetting for access control

•  Adversary Goals - Find, Fix (Identity), Track & Act against Known or Suspected Threats to US National Security

•  Neutral Goals - Identity proofing & vetting / Fix, track, other

•  Operational (aggregate) Goals - Identity “superiority” capabilities that require integration of all of the above to achieve, e.g. Force Protection; Cyber security; Personnel Recovery; other
DoD Mission Areas

Source: Department of Defense Fiscal Year (FY) 2010 IT President's Budget Request, May 2009

[Figure: DoD Mission Areas chart. Recoverable content follows.]

DoD Cross-Mission Area Forum

•  Business Mission Area (BMA) - DBSMC Leads, BTA Implements; Governance via DBSMC

•  Warfighting Mission Area (WMA) - CJCS Leads, J6 Implements; Governance via JROC

•  DoD Portion of Intelligence Mission Area (DIMA) - USD(I) Leads, DIMA PMO Implements; Governance via ISR Council

•  Enterprise Information Environment Mission Area (EIEMA) - DoD CIO Leads, DoD Deputy CIO Implements; Governance via EIEMA IRB

EIEMA domains: Information Assurance; Communications; Computing Infrastructure; Core Enterprise Services

Cross-Cutting & Interdependent Domains
"Hiring" Use Case Process Flow Diagram

Notional IPvM Defense in Depth (1 of 2)


A System of Systems (or integrated) IPvM Framework allows security requirements to be assessed relative to risk, which allows more streamlined access control policies and processes “deeper” in the secure IPvM enclave.
Notional IPvM Defense in Depth (2 of 2)


Force Protection - The ability to prevent/mitigate adverse effects of attacks on personnel (combatant / non-combatant) and physical assets of the US, Allies & Friends

OCONUS (Adversary / Neutral) - Find, Fix, Track & Act against Known or Suspected Threats to US National Security

[Figure labels: Protect Perimeter; KST Identity Data; Neutral Identity Data; Criminal Identity Data; Adversary (Red); Neutral (Gray)]

Technical Services (DoD CIO) are how Enterprise IT Services enable IPvM Operational Activities

♦ Manage Identity - across the full spectrum of IPvM Frameworks

♦ Manage Credentials - to align trusted roles to authorized access

♦ Manage Authentication - to ensure only authorized access

♦ Manage Privilege - manage life-cycle of aligned trusted roles & authorized access

♦ Manage IPvM Federation - Federate to enable IPvM Operational Goals and allow DoD business efficiencies


Privacy  Compliance  -  more  Systems 
Engineering  than  Policy  Constraint 


Friendly  Biometric  Systems 
require  Privacy  Impact 
Assessment: 

•  Collection 

Signed  Consent 

Disclosure  legal  authority, 
handling  (collect,  store,  share), 
purpose,  etc. 

•  Storage  &  Share 

System  of  Records  Notice 
(SORN) 


* The Privacy Act of 1974, E-Government Act of 2002, other...



Findings DoD Identity Management Services


•  IPvM  Policy  &  Guidance  development  &  drafting 

•  Identity  proofing  &  vetting 

New  hire 

•  New  -  biometrics-enabled  vetting  against  “Watch  List”  of  known  or  suspected  national  security  threats, 
i.e.,  checks  that  would  result  in  actions,  e.g.,  detain,  deny  access,  etc. 

Life-Cycle 

•  Create  Digital  Profile  to  enable  Human  Resource  Management  (HRM) 

Digital  Profile  (Draft  Definition)  -  electronic  record  with  biographical,  contextual  &  biometric 
information  that  describes  a  DoD  Identity  utilized  to  enable  administrative  management. 

•  Create  Digital  Identity  to  enable  Access  Management 

Digital Identity - electronic representation of an individual's identity to enable granting of privileges

Does this actually happen locally? Is a certificate all that is created at the enterprise level?

•  Credential  Issuance  &  Life-Cycle  Management 


Note: DoD Services enable privilege management; the provisioning / deprovisioning of privileges and resulting management occurs “locally”

Findings DoD Identity Management & Privilege Management “Local” Services


•  IPvM  Policy  &  Guidance  compliance  &  refinement 

•  Identity  proofing  &  vetting 

Visitors  (short-term,  limited  access  requirements)  &  tenants  (TDY  or  PCS’d  personnel  and 
Contractors) 

“Local  Life-Cycle”  -  ensure  access  is  granted  for  specific  purpose  and  duration  of 
need/requirement. 

-  Really  need  to  understand  the  policy  driven  use  cases  here... 

•  Leverage  Digital  Profile  to  enable  Human  Resource  Management  (HRM) 

-  What  are  the  policy/regulatory  use  case  of  PCS  or  TDY  inprocessing???? 

•  Leverage  DoD  Credential  to  Create  Digital  Identity  to  enable  Access 
Management 

Verify  Trust 

-  Provision Access

-  Deprovision Access

•  Credential  Issuance  &  Life-Cycle  Management 

Only  applicable  for  “local”  Credential  requirements 

Note: Local IPvM encompasses role assumption, perimeter access, facilities access, logical access and all associated “Local Life-Cycle” management requirements


Notional Friendly Force IPvM Biometric Enterprise Equities


■  Hiring

   -  Identity Proofing & Vetting

■  Credential Issuance (Digital Profile)

■  Biometrics-enabled Physical & Logical Access Control

   -  Identity Proofing & Vetting

■  Biometrics-enabled “Watch List”

   -  Hiring - Identity Proofing & Vetting
   -  Identity Fixing
   -  Identity Tracking

■  Authoritative Repository(s)

■  Personnel Recovery

Second Order Effects, i.e., if we can support all of the above, then we can:

   -  Humanitarian Assistance / Disaster Response
   -  Personnel Accountability
Digital Profile (HRM)

Digital Identity (E-Authentication)
IPvMWG Contact Information


Co-Chairs, IPvMWG


Tim Fong
Deputy Director, Identity Assurance & PKI Directorate
OASD (NII) / DASD, CI&IA
timothy.fong@osd.mil
703-604-3156


Arthur R. Friedman
Senior Strategist for Privilege Management
OASD (NII) / DASD, CI&IA
arfried@nsa.gov
240-373-1968


IPvMWG support:

Cynthia Odom (cynthia.odom.ctr@osd.mil) 703-604-3155
Peter Joukov (peter.joukov.ctr@osd.mil) 703-604-3154
Bruce Groskreutz (bagrosk@nsa.gov) 240-373-4303


IPvMWG Websites:

https://www.us.army.mil/suite/grouppage/103390

https://www.intelink.gov/sites/dodipmwg/default.aspx

Email peter.joukov.ctr@osd.mil to request access


